CVE-2013-6234

Name of the Vulnerable Software and Affected Versions SpagoBI versions prior to 4.1

Description The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to the Worksheet designer, and then accessing it via a direct request. This is related to an unrestricted file upload vulnerability.

Recommendations For versions prior to 4.1, update to version 4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Worksheet designer to minimize the risk of exploitation. Avoid allowing uploads of files with executable extensions until the issue is resolved.